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DETAILED ACTION 

Request for Continued Examination 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 
1.17(e) has been timely paid, the finality of the previous Office action has been 
withdrawn pursuant to 37 CFR 1.114. 

2. Amendment received January 10, 2008 has been entered into record. Claims 1-12, 14- 
23, and 25-29 remain pending. 

Response to Amendment 

3. This office action is in response to the Applicants' Amendment filed on January 1 0, 
2008. Applicants amended claims 1, 15, 18, 26, and 29 and canceled claims 13 and 24. 
Claims 1-12, 14-23, and 25-29 are presented for further consideration and examination. 

Claim Rejections - 35 USC §103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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5. Claims 1. 5-7. 10-12. 14. 17-19. 21-23. 25. and 28 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Bussiere (US006041042A), in view of Amara et al. 
(US006839338B1 ), in view of Zhang et al. (US006985935B1 ), and further in view of Ni 
(US007042843B2). 



6. With regard to claims 1 and 18 . Bussiere discloses, 

• receiving by an entry device a data packet to be remotely mirrored from the first 
network layer 2 domain, wherein the entry device is pre-configured with a 
destination Internet Protocol (IP) address to which to mirror the data packet, and 
the destination IP address is associated with a remote exit device in the second 
network layer 2 domain; (Bussiere, col.1, line 5 - col. 10, line 65) 
Bussiere discloses, "FIG. 2 illustrates, by way of example, part of a network 
system in which a source device is monitored by a remote analyzer. The source 
device is referred to as an ingress device 15 for so long as the device is being 
monitored, and can be anyone of the network communication devices (e.g., 
devices 1-4, 6 and 9 in FIG. 1). Ingress device 15 may have multiple ports 
through which packets may be received and sent. In FIG. 2, port 13 has been 
selected as the port to be monitored. Thus, in this example, device 15 is the 
ingress device and port 13 is the "mirror-from-port." A "mirror-to-port" 14 is the 
out port on ingress device 15 that is on a path 12 set up through the connection- 
oriented network 10 to the egress device 18. All packets received and sent by the 
port 13 are also copied and transmitted through the network 10 to analyzer 5, 
located off analyzer port 11 of egress device 18. The "egress device" is the 
device on the network that is used to monitor the mirror-from-port 13 on the 
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ingress device 15. Any device may be selected as the egress device" (Bussiere, 
col.4, line 66 - col.5, line 17). Hence, Bussiere teaches of the ingress device 15 
(i.e., Applicants' entry device) receiving packets (i.e., Applicants' data packet) 
that are being monitored through port 13 (e.g., "mirror-from-port") (i.e., 
Applicants' to be monitored) and transmitting them through "mirror-to-port" 14 to 
the egress device 18 (i.e., Applicants' remote mirrored device). Bussiere 
discloses, "In step 41, a port on a device in the network is selected to be 
monitored (i.e., a device is designated as an ingress device). Special hardware 
(and/or software) is set-up in the ingress device (e.g., 15), defining one port (e.g., 
port 13) as the "mirror-from-port" and one port (e.g., port 14) as "mirror-to-port". 
In step 42, frame encapsulation logic (e.g., 15') is set up in the ingress device 
(e.g., 15). In step 43, a path, (e.g., path 12), is set-up from a specific out-port of 
the ingress device (e.g., "mirror-to-port" 14) through the trunk devices (e.g., 16 
and 17) to the egress device (e.g., 7 8j" (Bussiere, col. 6, lines 41-50). Hence, 
Bussiere teaches of the ingress device (e.g., "mirror- to-port" 14) (i.e., Applicants' 
entry device) is set up (i.e., Applicants' configured) with a path through the use of 
source and destination addresses (i.e., Applicants' destination IP address) so 
that data is forwarded to the egress device (i.e., Applicants' destination which 
mirror the data packet, remote exit device). 
• generating and adding an IP header to IP encapsulate the data packet, wherein 
the IP header includes the destination IP address; and (Bussiere, col.1, line 5 - 
col. 10, line 65) 

Bussiere discloses, "According to a method embodiment, the invention 
comprises the steps of: selecting a first port of a first device from which to mirror 
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packets; selecting a first port of a second device to which to mirror the packets; 
and mirroring the packets from the first port of the first device to the first port of 
the second device by encapsulating the packets and sending the encapsulated 
packets through the network to the second device. The first device encapsulates 
the packets, enabling them to be transmitted out the network to the second 
device; the second device de-encapsulates the encapsulated packets, and 
provides the same to an analyzer. The mirroring step may include establishing a 
connection path through a switched network from the first device to the second 
device and sending the encapsulated packets on the path. The step of 
encapsulating the packets may include adding a header which identifies the 
connection path" (Bussiere, col. 2, lines 27-46). Hence, Bussiere teaches of the 
first device (i.e., Applicants' entry device) encapsulating the packets (i.e., 
Applicants' data packet) by including (i.e., Applicants' adding) headers identifying 
(i.e., Applicants' includes) the address of the destination (i.e., Applicants' 
destination address) device. 
• forwarding the IP -encapsulated packet to an exit device associated with the 
destination IP address. (Bussiere, col.1, line 5 - col. 10, line 65) 
Bussiere discloses, "According to a method embodiment, the invention 
comprises the steps of: selecting a first port of a first device from which to mirror 
packets; selecting a first port of a second device to which to mirror the packets; 
and mirroring the packets from the first port of the first device to the first port of 
the second device by encapsulating the packets and sending the encapsulated 
packets through the network to the second device. The first device encapsulates 
the packets, enabling them to be transmitted out the network to the second 
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device; the second device de-encapsulates the encapsulated packets, and 
provides the same to an analyzer. The mirroring step may include establishing a 
connection path through a switched network from the first device to the second 
device and sending the encapsulated packets on the path. The step of 
encapsulating the packets may include adding a header which identifies the 
connection path" (Bussiere, col.2, lines 27-46). Hence, Bussiere teaches of the 
first device (i.e., Applicants' entry device) encapsulating the packets (i.e., 
Applicants' data packet) by including (i.e., Applicants' adding) headers identifying 
(i.e., Applicants' includes) the address of the destination (i.e., Applicants' 
destination address) device and transmitting (i.e., Applicants' forwarding) them 
(i.e., Applicants' encapsulated packet) to the second device (i.e., Applicants' exit 
device) through the network based on the destination address (i.e., Applicants' 
associated with the destination address). 
However, Bussiere does not explicitly disclose, 

• generating and adding an IP header to IP encapsulate the data packet, wherein 
the IP header includes the destination IP address; 

• forwarding the IP-encapsulated packet to an exit device associated with the 
destination IP address; and 

Amara teaches, 

• generating and adding an IP header to IP encapsulate the data packet, wherein 
the IP header includes the destination IP address; (Amara, col.1, line 7 - col. 18, 
line 38) 

Amara discloses, "IP can be used to send data between devices on the same 
network and between devices on different networks. For IP communications, a 
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device is generally assigned a 32-bit IP address. The IP address is generally 
globally unique across the connected networks, and this allows the destination 
device to be uniquely identified by its IP address. Data is transmitted in an IP 
packet. The IP packet includes a header portion and a data portion" (Amara, 
col.3, lines 31-38). Amara discloses, "The virtual tunnel 126 can be created by 
encapsulating a data packet inside another data packet and by adding additional 
tunnel packet headers" (Amara, col. 6, lines 43-45). Hence, Amara implies of IP 
encapsulating data packets using IP headers and transmitting them to the 
destination based on the destination IP address of the IP header through devices 
on different networks. 
• forwarding the IP-encapsulated packet to an exit device associated with the 
destination IP address; and (Amara, col.1, line 7 - col. 18, line 38) 
Amara discloses, "IP can be used to send data between devices on the same 
network and between devices on different networks. For IP communications, a 
device is generally assigned a 32-bit IP address. The IP address is generally 
globally unique across the connected networks, and this allows the destination 
device to be uniquely identified by its IP address. Data is transmitted in an IP 
packet. The IP packet includes a header portion and a data portion" (Amara, 
col.3, lines 31-38). Amara discloses, "The virtual tunnel 126 can be created by 
encapsulating a data packet inside another data packet and by adding additional 
tunnel packet headers" (Amara, col.6, lines 43-45). Hence, Amara implies of IP 
encapsulating data packets using IP headers and transmitting them to the 
destination based on the destination IP address of the IP header through devices 
on different networks. 
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Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Amara with the teachings of 
Bussiere "to send data between devices on the same network and between devices 
on different networks" (Amara, col.3, lines 31-32). Bussiere discloses, "As 
businesses have realized the economic advantages of sharing expensive computer 
resources, cabling systems (both physical and wireless) have proliferated to enable 
the sharing of such resources over a network. A local area network, or 'LAN', refers 
to an interconnected data network that is usually confined to a moderately-sized 
geographical area, such as a single office building or a campus area. Larger 
networks are often referred to as wide area networks or WANs'. Networks may be 
formed using a variety of different interconnection elements, such as unshielded 
twisted pair cables, shielded twisted pair cables, coaxial cable, fiber optic cable, and 
wireless interconnection elements. The configuration of these cabling elements, and 
the interfaces for the communications medium, may follow one or more topologies 
such as a star, ring, bus or mesh" (Bussiere, col.1, lines 13-28). Hence, Bussiere 
suggests of communicating between networks, providing motivation to combine with 
the teachings of Amara to send data packets between different networks via IP 
encapsulation. 

However, Bussiere and Amara do not explicitly disclose, 

• receiving by an entry device a data packet to be remotely mirrored from the first 
network layer 2 domain, wherein the entry device is pre-configured with a 
destination Internet Protocol (IP) address to which to mirror the data packet, and 
the destination IP address is associated with a remote exit device in the second 
network layer 2 domain; 
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Zhang teaches, 

• receiving by an entry device a data packet to be remotely mirrored from the first 
network layer 2 domain, wherein the entry device is pre-configured with a 
destination Internet Protocol (IP) address to which to mirror the data packet, and 
the destination IP address is associated with a remote exit device in the second 
network layer 2 domain; (Zhang, col.1, line 6 - col. 16, line 33) 
Zhang discloses, "Once the Layer 2 tunnel is setup and a necessary link is 
established, the LNS typically assigns an IP address to an authenticated client, 
and sends it to the network access device over the Layer 2 tunnel. The network 
access device receives the IP address and transfers it to the client (129)." 
(Zhang, col. 9, lines 20-24). Hence, Zhang teaches of communicating between 
networks through layer 2 encapsulation. 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Zhang with the teachings of 
Bussiere and Amara "to send data between devices on the same network and 
between devices on different networks" (Amara, col. 3, lines 31-32). Bussiere 
discloses, "As businesses have realized the economic advantages of sharing 
expensive computer resources, cabling systems (both physical and wireless) have 
proliferated to enable the sharing of such resources over a network. A local area 
network, or 'LAN', refers to an interconnected data network that is usually confined to 
a moderately-sized geographical area, such as a single office building or a campus 
area. Larger networks are often referred to as wide area networks or WANs'. 
Networks maybe formed using a variety of different interconnection elements, such 
as unshielded twisted pair cables, shielded twisted pair cables, coaxial cable, fiber 
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optic cable, and wireless interconnection elements. The configuration of these 
cabling elements, and the interfaces for the communications medium, may follow 
one or more topologies such as a star, ring, bus or mesh" (Bussiere, col. 1 , lines 1 3- 
28). Hence, Bussiere suggests of communicating between networks, providing 
motivation to combine with the teachings of Amara to send data packets between 
different networks via layer 2 IP encapsulation. 

However, Bussiere, Amara, and Zhang do not explicitly disclose, 

• configuring the entry device in a best effort mirroring mode to reduce head-of-line 
blocking. 

Ni teaches, 

• configuring the entry device in a best effort mirroring mode to reduce head-of-line 
blocking. (Ni, col.1, line 10 - col. 14, line 40) 

Ni discloses, "The issue then becomes how does a system manage the 
scheduling of the transmission of the packets so that no voice or video 
transmission interval violation occurs and no best effort starvation occurs. An 
embodiment of the invention addresses this issue by providing a method to 
restrict the total number of active class of services (flows) for voice and video 
packets so that 1) the maximum wait time for any port's voice/video queue is less 
than or equal to the maximum transmission interval (i.sub.m), 2) the process of 
interleaving voice, video and best effort traffic does not delay the transmission of 
the next voice/video packet transmit time, and 3) the process does not starve the 
video and best effort traffic for service" (Ni, col. 7, lines 1 7-29). Hi discloses, 
"HOL blocking is a phenomenon that may occur in an input buffered switch 
wherein a packet is temporarily blocked by another packet or packets either at 
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the input buffer or at the output buffer. HOL reduces the effectiveness of the 
transfer rate. One of the objectives of flow control is to inhibit the sending station 
or host from sending additional packets to a congested port for a predetermined 
amount of time. While a flow control scheme is expected to ease congestion, it 
may also aggravate the Head-of-Line (HOL) blocking problem by causing 
additional transmission delays" (Ni, col.7, lines 7-16). Hence, Ni teaches of 
utilizing best effort transmission method among others to avoid that starvation of 
best effort traffic for service and reducing the head-of-line (HOL) blocking and 
congestion problems. 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Ni with the teachings of 
Bussiere, Amara, and Zhang "to send data between devices on the same network 
and between devices on different networks" (Amara, col. 3, lines 31-32). Bussiere 
discloses, "As businesses have realized the economic advantages of sharing 
expensive computer resources, cabling systems (both physical and wireless) have 
proliferated to enable the sharing of such resources over a network. A local area 
network, or 'LAN', refers to an interconnected data network that is usually confined to 
a moderately-sized geographical area, such as a single office building or a campus 
area. Larger networks are often referred to as wide area networks or 'WANs'. 
Networks may be formed using a variety of different interconnection elements, such 
as unshielded twisted pair cables, shielded twisted pair cables, coaxial cable, fiber 
optic cable, and wireless interconnection elements. The configuration of these 
cabling elements, and the interfaces for the communications medium, may follow 
one or more topologies such as a star, ring, bus or mesh" (Bussiere, col. 1 , lines 1 3- 
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28). Hence, Bussiere suggests of communicating between networks, providing 
motivation to combine with the teachings of Amara to send data packets between 
different networks via layer 2 IP encapsulation. Ni discloses, "The issue then 
becomes how does a system manage the scheduling of the transmission of the 
packets so that no voice or video transmission interval violation occurs and no best 
effort starvation occurs" (Ni, col.7, lines 17-20). 

7. With regard to claims 5-7 and 19, Bussiere, Amara, Zhang, and Ni disclose, 

• further comprising: receiving the IP-encapsulated packet by the exit device; and 
removing the IP header to de-encapsulate the packet. (Bussiere, col.1, line 5 - 
col. 10, line 65; Amara, col.1, line 7 - col. 18, line 38; Zhang, col.1, line 6 - col. 16, 
line 33; Ni, col.1, line 10 - col. 14, line 40) 

Bussiere discloses, "The first device encapsulates the packets, enabling them to 
be transmitted out the network to the second device; the second device de- 
encapsulates the encapsulated packets, and provides the same to an analyzer. 
The mirroring step may include establishing a connection path through a 
switched network from the first device to the second device and sending the 
encapsulated packets on the path. The step of encapsulating the packets may 
including adding a header which identifies the connection path" (Bussiere, col.2, 
lines 38-46). 

• wherein the remote mirroring preserves an original format of the data packet. 
(Bussiere, col.1, line 5 - col.1 0, line 65; Amara, col.1, line 7 - col.1 8, line 38; 
Zhang, col.1, line 6 - col. 16, line 33; Ni, col.1, line 10 - col. 14, line 40) 
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• further comprising: pre-configuring the entry device to mirror data packets from at 
least one specified port of the entry device. (Bussiere, col.1, line 5 - col. 10, line 
65; Amara, col.1, line 7 - col. 18, line 38; Zhang, col.1, line 6 - col. 16, line 33; Ni, 
col.1, line 10 -col. 14, line 40) 



8. With regard to claims 10-12, 14, 21-23, and 25 , Bussiere, Amara, Zhang, and Ni 
disclose, 

• further comprising: pre-configuring the entry device to mirror data packets which 
include IP addresses that matches at least one entry in an IP hash table. 
(Bussiere, col.1, line 5 - col. 10, line 65; Amara, col.1, line 7 - col. 18, line 38; 
Zhang, col.1, line 6 - col. 16, line 33; Ni, col.1, line 10 - col. 14, line 40) 
Bussiere discloses, "FIG. 2 illustrates, by way of example, part of a network 
system in which a source device is monitored by a remote analyzer. The source 
device is referred to as an ingress device 15 for so long as the device is being 
monitored, and can be anyone of the network communication devices (e.g., 
devices 1-4, 6 and 9 in FIG. 1). Ingress device 15 may have multiple ports 
through which packets may be received and sent. In FIG. 2, port 13 has been 
selected as the port to be monitored. Thus, in this example, device 15 is the 
ingress device and port 13 is the "mirror-from-port." A "mirror-to-port" 14 is the 
out port on ingress device 15 that is on a path 12 set up through the connection- 
oriented network 10 to the egress device 18. All packets received and sent by the 
port 13 are also copied and transmitted through the network 10 to analyzer 5, 
located off analyzer port 11 of egress device 18. The "egress device" is the 
device on the network that is used to monitor the mirror-from-port 13 on the 
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ingress device 15. Any device may be selected as the egress device" (Bussiere, 
col.4, line 66 -col. 5, line 17). 

• further comprising: pre-configuring the entry device to mirror data packets which 
include an IP destination address that matches at least one specified subnet 
entry in a best matching prefix (BMP) table. (Bussiere, col.1, line 5 - col. 10, line 
65; Amara, col.1, line 7 - col. 18, line 38; Zhang, col.1, line 6 - col. 16, line 33; Ni, 
col.1, line 10 -col. 14, line 40) 

• further comprising: pre-configuring the entry device to mirror data packets 
matching at least one access control list (ACL) entry. (Bussiere, col.1 , line 5 - 
col. 10, line 65; Amara, col.1, line 7 - col. 18, line 38; Zhang, col.1, line 6 - col. 16, 
line 33; Ni, col.1, line 10 - col. 14, line 40) 

• further comprising: configuring the entry device in a lossless mirroring mode to 
assure completeness of mirrored traffic. (Bussiere, col.1, line 5 - col. 10, line 65; 
Amara, col.1, line 7 - col. 18, line 38; Zhang, col.1, line 6 - col. 16, line 33; Ni, 
col.1, line 10 -col. 14, line 40) 

9. With regard to claims 17 and 28, Bussiere, Amara, Zhang, and Ni disclose, 

• further comprising: pre-configuring the entry device to mirror data packets which 
include IP addresses that matches at least one entry in an IP hash table. 
(Bussiere, col.1, line 5 - col.1 0, line 65; Amara, col.1, line 7 - col.1 8, line 38; 
Zhang, col.1, line 6 - col. 16, line 33; Ni, col.1, line 10 - col. 14, line 40) 
Amara discloses, "The IPsec services can be applied in one of two modes, a 
"transport mode" or a "tunnel mode. " In the transport mode generally only the IP 
packet's data is encrypted. The IP packet is routed to the destination devices 
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using a destination address (e.g., the IP destination address 72). In the transport 
mode the destination IP address and the source IP address may both be "visible" 
(i.e., not encrypted) to other devices on the network. As a consequence, another 
device may be able to monitor the number of packets sent between a source 
device and a destination device. However, since the data is encrypted, the 
device ordinarily will not be able to determine the contents of the data in the IP 
packets. Once the transport mode packet reaches its final destination, the 
destination device performs the IPsec processing. For example, the destination 
device may decrypt the data carried in the IP packet according to an agreed 
encryption method" (Amara, col.8, lines 50-65). 



10. Claims 2-4, 8-9, and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bussiere (US006041042A), in view of Amara et al. (US006839338B1), in view of Zhang 
et al. (US006985935B1), in view of Ni (US007042843B2), and further in view of Liu et al. 
(US 200401 84408A1). 



1 1 . With regard to claim 2 , Bussiere, Amara, Zhang, and Ni disclose, 
See claim 1 rejection as detailed above. 

However, Bussiere, Amara, Zhang, and Ni do not explicitly disclose, 

• further comprising: determining a media access control (MAC) address 

associated with the destination IP address; generating and adding a MAC header 
to the IP-encapsulated packet to form a MAC data frame, wherein the MAC 
header includes the MAC address in a destination field; and transmitting the 
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MAC data frame to communicate the IP-encapsulated packet across the second 
network layer 2 domain to the remote exit device. 
Liu teaches, 

• further comprising: determining a media access control (MAC) address 

associated with the destination IP address; generating and adding a MAC header 
to the IP-encapsulated packet to form a MAC data frame, wherein the MAC 
header includes the MAC address in a destination field; and transmitting the 
MAC data frame to communicate the IP-encapsulated packet across the second 
network layer 2 domain to the remote exit device. (Liu, para. 1-34) 
Liu discloses, "In another embodiment, a medium access control (MAC) 
encapsulated data packet for distribution over an Ethernet network is disclosed. 
The MAC encapsulated data packet includes a provider destination MAC 
address field; a provider source MAC address field; an Ethertype field; and 
followed by a customer data packet. In other words, the customer data packet 
encapsulates a provider header that includes the provider destination MAC 
address field, the provider source MAC address field, and the Ethertype field" 
(Liu, para. 1 1). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Liu with the teachings of 
Bussiere, Amara, Zhang, and Ni "to send data between devices on the same network 
and between devices on different networks" (Amara, col.3, lines 31-32). Bussiere 
discloses, "As businesses have realized the economic advantages of sharing 
expensive computer resources, cabling systems (both physical and wireless) have 
proliferated to enable the sharing of such resources over a network. A local area 
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network, or 'LAN', refers to an interconnected data network that is usually confined to 
a moderately-sized geographical area, such as a single office building or a campus 
area. Larger networks are often referred to as wide area networks or 'WANs'. 
Networks may be formed using a variety of different interconnection elements, such 
as unshielded twisted pair cables, shielded twisted pair cables, coaxial cable, fiber 
optic cable, and wireless interconnection elements. The configuration of these 
cabling elements, and the interfaces for the communications medium, may follow 
one or more topologies such as a star, ring, bus or mes/7" (Bussiere, col.1, lines 13- 
28). Hence, Bussiere suggests of communicating between networks, providing 
motivation to combine with the teachings of Amara to send data packets between 
different networks via layer 2 IP encapsulation. In addition, Brown discloses, "The 
resources required for one or more applications may lead one or more conferencing 
participants to participate in a less resource-intensive manner" (Brown, col. 7, lines 
52-55). 



12. With regard to claims 3-4, 8-9, and 20, Bussiere, Amara, Zhang, Ni, and Liu disclose, 
• wherein determining the MAC address comprises: determining if a mapping of 
the destination IP address to the MAC address is stored in an address resolution 
protocol (ARP) cache; if so, then retrieving the MAC address from the ARP 
cache; and if not, then broadcasting an ARP request with the destination IP 
address and receiving an ARP reply with the MAC address. (Bussiere, col.1, line 
5 - col. 10, line 65; Amara, col.1, line 7 - col. 18, line 38; Zhang, col.1, line 6 - 
col. 16, line 33; Ni, col.1, line 10 -col. 14, line 40; Liu, para. 1-34) 
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• further comprising: pre-configuring the entry device to mirror data packets which 
include a VLAN tag with at least one specified VLAN identifier. (Bussiere, col.1 , 
line 5 - col. 10, line 65; Amara, col.1, line 7 - col. 18, line 38; Zhang, col.1, line 6 - 
col. 16, line 33; Ni, col.1, line 10 -col. 14, line 40; Liu, para. 1-34) 

• further comprising: pre-configuring the entry device to mirror data packets which 
include MAC addresses that matches at least one entry in a MAC look-up table. 
(Bussiere, col.1, line 5 - col. 10, line 65; Amara, col.1, line 7 - col. 18, line 38; 
Zhang, col.1, line 6 - col. 16, line 33; Ni, col.1, line 10 - col. 14, line 40; Liu, 
para. 1-34) 

13. Claims 16 and 27 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Bussiere (US006041042A), in view of Amara et al. (US006839338B1), in view of Zhang 
et al. (US006985935B1), in view of Ni (US007042843B2), and further in view of Brown 
(US007124166B2). 

14. With regard to claims 16 and 27 , Bussiere, Amara, Zhang, and Ni disclose, 

See claims 1 and 18 rejection as detailed above. 

However, Bussiere, Amara, Zhang, and Ni do not explicitly disclose, 

• further comprising: compressing at least a portion of the data packet to reduce a 
size of the IP-encapsulated packet prior to forwarding thereof. 

Brown teaches, 

• further comprising: compressing at least a portion of the data packet to reduce a 
size of the IP-encapsulated packet prior to forwarding thereof. (Brown, col.1, 
lines 8 -col. 18, line 23) 
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Brown discloses, "Typically, video conferencing application 21 OA encodes and 
displays audio and video content. Implementations of video conferencing 
application 21 OA use compression to reduce the bandwidth consumed by 
transmitting the stream of data units. For example, video conferencing protocols 
and techniques may reduce the resolution, detail, or frame rate to reduce the 
bandwidth consumed. In another example, the frame-to-frame differences may 
be encoded for transmission instead of encoding each frame. Similar techniques 
may be applied to the audio signal. For example, the sampling rate of the audio 
signal may be reduced or the signal may be compressed" (Brown, col. 7, lines 56- 
67). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Brown with the teachings of 
Bussiere, Amara, Zhang, and Ni "to send data between devices on the same network 
and between devices on different networks" (Amara, col. 3, lines 31-32). Bussiere 
discloses, "As businesses have realized the economic advantages of sharing 
expensive computer resources, cabling systems (both physical and wireless) have 
proliferated to enable the sharing of such resources over a network. A local area 
network, or 'LAN', refers to an interconnected data network that is usually confined to 
a moderately-sized geographical area, such as a single office building or a campus 
area. Larger networks are often referred to as wide area networks or WANs'. 
Networks may be formed using a variety of different interconnection elements, such 
as unshielded twisted pair cables, shielded twisted pair cables, coaxial cable, fiber 
optic cable, and wireless interconnection elements. The configuration of these 
cabling elements, and the interfaces for the communications medium, may follow 
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one or more topologies such as a star, ring, bus or mesh" (Bussiere, col. 1 , lines 1 3- 
28). Hence, Bussiere suggests of communicating between networks, providing 
motivation to combine with the teachings of Amara to send data packets between 
different networks via layer 2 IP encapsulation. In addition, Brown discloses, "The 
resources required for one or more applications may lead one or more conferencing 
participants to participate in a less resource-intensive manner" (Brown, col. 7, lines 
52-55). 

15. Claims 15 and 26 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Bussiere (US006041042A), in view of Amara et al. (US006839338B1), in view of Zhang 
et al. (US006985935B1 ), and further in view of Regan (US 2004021 3232A1 ). 

16. With regard to claims 15 and 26 , Bussiere discloses, 

• receiving by an entry device a data packet to be remotely mirrored from the first 
network layer 2 domain, wherein the entry device is ore-configured with a 
destination Internet Protocol (IP) address to which to mirror the data packet and 
the destination IP address is associated with a remote exit device in the second 
network layer 2 domain; (Bussiere, col.1, line 5 - col. 10, line 65) 
Bussiere discloses, "FIG. 2 illustrates, by way of example, part of a network 
system in which a source device is monitored by a remote analyzer. The source 
device is referred to as an ingress device 15 for so long as the device is being 
monitored, and can be anyone of the network communication devices (e.g., 
devices 1-4, 6 and 9 in FIG. 1). Ingress device 15 may have multiple ports 
through which packets may be received and sent. In FIG. 2, port 13 has been 
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selected as the port to be monitored. Thus, in this example, device 15 is the 
ingress device and port 13 is the "mirror-from-port. "A "mirror-to-port" 14 is the 
out port on ingress device 15 that is on a path 12 set up through the connection- 
oriented network 10 to the egress device 18. All packets received and sent by the 
port 13 are also copied and transmitted through the network 10 to analyzer 5, 
located off analyzer port 11 of egress device 18. The "egress device" is the 
device on the network that is used to monitor the mirror-from-port 13 on the 
ingress device 15. Any device may be selected as the egress device" (Bussiere, 
col.4, line 66 - col.5, line 17). Hence, Bussiere teaches of the ingress device 15 
(i.e., Applicants' entry device) receiving packets (i.e., Applicants' data packet) 
that are being monitored through port 13 (e.g., "mirror-from-port") (i.e., 
Applicants' to be monitored) and transmitting them through "mirror-to-port" 14 to 
the egress device 18 (i.e., Applicants' remote mirrored device). Bussiere 
discloses, "In step 41, a port on a device in the network is selected to be 
monitored (i.e., a device is designated as an ingress device). Special hardware 
(and/or software) is set-up in the ingress device (e.g., 15), defining one port (e.g., 
port 13) as the "mirror-from-port" and one port (e.g., port 14) as "mirror-to-port". 
In step 42, frame encapsulation logic (e.g., 15') is set up in the ingress device 
(e.g., 15). In step 43, a path, (e.g., path 12), is set-up from a specific out-port of 
the ingress device (e.g., "mirror-to-port" 14) through the trunk devices (e.g., 16 
and 17) to the egress device (e.g., 18)" (Bussiere, col. 6, lines 41-50). Hence, 
Bussiere teaches of the ingress device (e.g., "mirror-to-port" 14) (i.e., Applicants' 
entry device) is set up (i.e., Applicants' configured) with a path through the use of 
source and destination addresses (i.e., Applicants' destination IP address) so 
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that data is forwarded to the egress device (i.e., Applicants' destination which 
mirror the data packet, remote exit device). 

• generating and adding an IP header to IP encapsulate the data packet, wherein 
the IP header includes the destination IP address; and (Bussiere, col.1, line 5 - 
col. 10, line 65) 

Bussiere discloses, "According to a method embodiment, the invention 
comprises the steps of: selecting a first port of a first device from which to mirror 
packets; selecting a first port of a second device to which to mirror the packets; 
and mirroring the packets from the first port of the first device to the first port of 
the second device by encapsulating the packets and sending the encapsulated 
packets through the network to the second device. The first device encapsulates 
the packets, enabling them to be transmitted out the network to the second 
device; the second device de-encapsulates the encapsulated packets, and 
provides the same to an analyzer. The mirroring step may include establishing a 
connection path through a switched network from the first device to the second 
device and sending the encapsulated packets on the path. The step of 
encapsulating the packets may include adding a header which identifies the 
connection path" (Bussiere, col.2, lines 27-46). Hence, Bussiere teaches of the 
first device (i.e., Applicants' entry device) encapsulating the packets (i.e., 
Applicants' data packet) by including (i.e., Applicants' adding) headers identifying 
(i.e., Applicants' includes) the address of the destination (i.e., Applicants' 
destination address) device. 

• forwarding the IP -encapsulated packet to an exit device associated with the 
destination IP address. (Bussiere, col.1 , line 5 - col.1 0, line 65) 
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Bussiere discloses, "According to a method embodiment, the invention 
comprises the steps of: selecting a first port of a first device from which to mirror 
packets; selecting a first port of a second device to which to mirror the packets; 
and mirroring the packets from the first port of the first device to the first port of 
the second device by encapsulating the packets and sending the encapsulated 
packets through the network to the second device. The first device encapsulates 
the packets, enabling them to be transmitted out the network to the second 
device; the second device de-encapsulates the encapsulated packets, and 
provides the same to an analyzer. The mirroring step may include establishing a 
connection path through a switched network from the first device to the second 
device and sending the encapsulated packets on the path. The step of 
encapsulating the packets may include adding a header which identifies the 
connection path" (Bussiere, col.2, lines 27-46). Hence, Bussiere teaches of the 
first device (i.e., Applicants' entry device) encapsulating the packets (i.e., 
Applicants' data packet) by including (i.e., Applicants' adding) headers identifying 
(i.e., Applicants' includes) the address of the destination (i.e., Applicants' 
destination address) device and transmitting (i.e., Applicants' forwarding) them 
(i.e., Applicants' encapsulated packet) to the second device (i.e., Applicants' exit 
device) through the network based on the destination address (i.e., Applicants' 
associated with the destination address). 
However, Bussiere does not explicitly disclose, 

• generating and adding an IP header to IP encapsulate the data packet, wherein 
the IP header includes the destination IP address; 
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• forwarding the IP-encapsulated packet to an exit device associated with the 
destination IP address; and 

Amara teaches, 

• generating and adding an IP header to IP encapsulate the data packet, wherein 
the IP header includes the destination IP address; (Amara, col.1, line 7 - col. 18, 
line 38) 

Amara discloses, "IP can be used to send data between devices on the same 
network and between devices on different networks. For IP communications, a 
device is generally assigned a 32-bit IP address. The IP address is generally 
globally unique across the connected networks, and this allows the destination 
device to be uniquely identified by its IP address. Data is transmitted in an IP 
packet. The IP packet includes a header portion and a data portion" (Amara, 
col.3, lines 31-38). Amara discloses, "The virtual tunnel 126 can be created by 
encapsulating a data packet inside another data packet and by adding additional 
tunnel packet headers" (Amara, col. 6, lines 43-45). Hence, Amara implies of IP 
encapsulating data packets using IP headers and transmitting them to the 
destination based on the destination IP address of the IP header through devices 
on different networks. 

• forwarding the IP-encapsulated packet to an exit device associated with the 
destination IP address; and (Amara, col.1, line 7 - col. 18, line 38) 

Amara discloses, "IP can be used to send data between devices on the same 
network and between devices on different networks. For IP communications, a 
device is generally assigned a 32-bit IP address. The IP address is generally 
globally unique across the connected networks, and this allows the destination 
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device to be uniquely identified by its IP address. Data is transmitted in an IP 
packet. The IP packet includes a header portion and a data portion" (Amara, 
col.3, lines 31-38). Amara discloses, "The virtual tunnel 126 can be created by 
encapsulating a data packet inside another data packet and by adding additional 
tunnel packet headers" (Amara, col.6, lines 43-45). Hence, Amara implies of IP 
encapsulating data packets using IP headers and transmitting them to the 
destination based on the destination IP address of the IP header through devices 
on different networks. 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Amara with the teachings of 
Bussiere "to send data between devices on the same network and between devices 
on different networks" (Amara, col.3, lines 31-32). Bussiere discloses, "As 
businesses have realized the economic advantages of sharing expensive computer 
resources, cabling systems (both physical and wireless) have proliferated to enable 
the sharing of such resources over a network. A local area network, or 'LAN', refers 
to an interconnected data network that is usually confined to a moderately-sized 
geographical area, such as a single office building or a campus area. Larger 
networks are often referred to as wide area networks or 'WANs'. Networks may be 
formed using a variety of different interconnection elements, such as unshielded 
twisted pair cables, shielded twisted pair cables, coaxial cable, fiber optic cable, and 
wireless interconnection elements. The configuration of these cabling elements, and 
the interfaces for the communications medium, may follow one or more topologies 
such as a star, ring, bus or mesh" (Bussiere, col.1, lines 13-28). Hence, Bussiere 
suggests of communicating between networks, providing motivation to combine with 
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the teachings of Amara to send data packets between different networks via IP 
encapsulation. 

However, Bussiere and Amara do not explicitly disclose, 

• receiving by an entry device a data packet to be remotely mirrored from the first 
network layer 2 domain, wherein the entry device is pre-configured with a 
destination Internet Protocol (IP) address to which to mirror the data packet, and 
the destination IP address is associated with a remote exit device in the second 
network layer 2 domain; 

Zhang teaches, 

• receiving by an entry device a data packet to be remotely mirrored from the first 
network layer 2 domain, wherein the entry device is pre-configured with a 
destination Internet Protocol (IP) address to which to mirror the data packet, and 
the destination IP address is associated with a remote exit device in the second 
network layer 2 domain; (Zhang, col.1, line 6 - col. 16, line 33) 

Zhang discloses, "Once the Layer 2 tunnel is setup and a necessary link is 
established, the LNS typically assigns an IP address to an authenticated client, 
and sends it to the network access device over the Layer 2 tunnel. The network 
access device receives the IP address and transfers it to the client (129)." 
(Zhang, col. 9, lines 20-24). Hence, Zhang teaches of communicating between 
networks through layer 2 encapsulation. 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Zhang with the teachings of 
Bussiere and Amara "to send data between devices on the same network and 
between devices on different networks" (Amara, col. 3, lines 31-32). Bussiere 
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discloses, "As businesses have realized the economic advantages of sharing 
expensive computer resources, cabling systems (both physical and wireless) have 
proliferated to enable the sharing of such resources over a network. A local area 
network, or 'LAN', refers to an interconnected data network that is usually confined to 
a moderately-sized geographical area, such as a single office building or a campus 
area. Larger networks are often referred to as wide area networks or 'WANs'. 
Networks may be formed using a variety of different interconnection elements, such 
as unshielded twisted pair cables, shielded twisted pair cables, coaxial cable, fiber 
optic cable, and wireless interconnection elements. The configuration of these 
cabling elements, and the interfaces for the communications medium, may follow 
one or more topologies such as a star, ring, bus or mesh" (Bussiere, col.1, lines 13- 
28). Hence, Bussiere suggests of communicating between networks, providing 
motivation to combine with the teachings of Amara to send data packets between 
different networks via layer 2 IP encapsulation. 

However, Bussiere, Amara, and Zhang do not explicitly disclose, 

• truncating the data packet to reduce a size of the IP-encapsulated packet prior to 
forwarding thereof. 

Regan teaches, 

• truncating the data packet to reduce a size of the IP-encapsulated packet prior to 
forwarding thereof. (Regan, para. 1-36) 

Regan discloses, "Using a mirror service configured to send mirror packets via a 
primary network could increase congestion on the primary network, e.g., by 
interfering with the ability of a network to fulfill quality of service guarantees for 
transport services (e.g., VLAN) provided via the primary network. In some 
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embodiments, the effect of mirror service traffic is minimized by "slicing" 
oversized mirror packets, which reduces processing and time requirements, 
alleviating performance impacts. Mirror packets are truncated prior to being sent 
to a mirror destination. Truncation minimizes replication and tunneling overhead 
associated with transmitting packets to a mirror destination. In some 
embodiments, rate limiting is used to minimize the impact of mirror service 
packets on the performance of other services being provided using the network 
by limiting the rate at which mirror packets are sent via the mirror service. Rate 
limiting may be implemented with user or system specified limits, and may be 
dynamic, i.e., the permitted rate for the mirror service may change as conditions 
change, e.g., the extent to which QoS guarantees are being met" (Regan, 
para.30). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Regan with the teachings of 
Bussiere, Amara, and Zhang "to send data between devices on the same network 
and between devices on different networks" (Amara, col. 3, lines 31-32). Bussiere 
discloses, "As businesses have realized the economic advantages of sharing 
expensive computer resources, cabling systems (both physical and wireless) have 
proliferated to enable the sharing of such resources over a network. A local area 
network, or 'LAN', refers to an interconnected data network that is usually confined to 
a moderately-sized geographical area, such as a single office building or a campus 
area. Larger networks are often referred to as wide area networks or 'WANs'. 
Networks maybe formed using a variety of different interconnection elements, such 
as unshielded twisted pair cables, shielded twisted pair cables, coaxial cable, fiber 
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optic cable, and wireless interconnection elements. The configuration of these 
cabling elements, and the interfaces for the communications medium, may follow 
one or more topologies such as a star, ring, bus or mesh" (Bussiere, col. 1 , lines 1 3- 
28). Hence, Bussiere suggests of communicating between networks, providing 
motivation to combine with the teachings of Amara to send data packets between 
different networks via layer 2 IP encapsulation. In addition, Regan discloses, "In 
some embodiments, the effect of mirror service traffic is minimized by "slicing" 
oversized mirror packets, which reduces processing and time requirements, 
alleviating performance impacts. Mirror packets are truncated prior to being sent to a 
mirror destination. Truncation minimizes replication and tunneling overhead 
associated with transmitting packets to a mirror destination" (Regan, para. 30). 

17. Claim 29 are rejected under 35 U.S.C. 103(a) as being unpatentable over Bussiere 
(US006041 042A), in view of Amara et al. (US006839338B1 ), in view of Zhang et al. 
(US006985935B1), in view of Regan (US 200402 13232A1), and further in view of Ni 
(US007042843B2), 

18. With regard to claim 29 , Bussiere discloses, 

• an entry device configured to receive from the local network layer 2 domain a 
data packet to be remotely mirrored to a remote exit device in the remote 
network layer 2 domain; (Bussiere, col.1, line 5 - col. 10, line 65) 
Bussiere discloses, "FIG. 2 illustrates, by way of example, part of a network 
system in which a source device is monitored by a remote analyzer. The source 
device is referred to as an ingress device 15 for so long as the device is being 
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monitored, and can be anyone of the network communication devices (e.g., 
devices 1-4, 6 and 9 in FIG. 1). Ingress device 15 may have multiple ports 
through which packets may be received and sent. In FIG. 2, port 13 has been 
selected as the port to be monitored. Thus, in this example, device 15 is the 
ingress device and port 13 is the "mirror-from-port. "A "mirror-to-port" 14 is the 
out port on ingress device 15 that is on a path 12 set up through the connection- 
oriented network 10 to the egress device 18. All packets received and sent by the 
port 13 are also copied and transmitted through the network 10 to analyzer 5, 
located off analyzer port 11 of egress device 18. The "egress device" is the 
device on the network that is used to monitor the mirror-from-port 13 on the 
ingress device 15. Any device may be selected as the egress device" (Bussiere, 
col.4, line 66 - col.5, line 17). Hence, Bussiere teaches of the ingress device 15 
(i.e., Applicants' entry device) receiving packets (i.e., Applicants' data packet) 
that are being monitored through port 13 (e.g., "mirror-from-port") (i.e., 
Applicants' to be monitored) and transmitting them through "mirror-to-port" 14 to 
the egress device 18 (i.e., Applicants' remote mirrored device). Bussiere 
discloses, "In step 41, a port on a device in the network is selected to be 
monitored (i.e., a device is designated as an ingress device). Special hardware 
(and/or software) is set-up in the ingress device (e.g., 15), defining one port (e.g., 
port 13) as the "mirror-from-port" and one port (e.g., port 14) as "mirror-to-port". 
In step 42, frame encapsulation logic (e.g., 15') is set up in the ingress device 
(e.g., 15). In step 43, a path, (e.g., path 12), is set-up from a specific out-port of 
the ingress device (e.g., "mirror-to-port" 14) through the trunk devices (e.g., 16 
and 17) to the egress device (e.g., 18)" (Bussiere, col. 6, lines 41-50). Hence, 
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Bussiere teaches of the ingress device (e.g., "mirror-to-port" 14) (i.e., Applicants' 
entry device) is set up (i.e., Applicants' configured) with a path through the use of 
source and destination addresses (i.e., Applicants' destination IP address) so 
that data is forwarded to the egress device (i.e., Applicants' destination which 
mirror the data packet, remote exit device). 

• a configuration file in the entry device, where the configuration file stores a 
destination Internet Protocol (IP) address to which to mirror the data packet; 
(Bussiere, col.1, line 5 - col. 10, line 65) 

Bussiere discloses, "In step 41, a port on a device in the network is selected to 
be monitored (i.e., a device is designated as an ingress device). Special 
hardware (and/or software) is set-up in the ingress device (e.g., 15), defining one 
port (e.g., port 13) as the "mirror-from-port" and one port (e.g., port 14) as 
"mirror-to-port". In step 42, frame encapsulation logic (e.g., 15') is set up in the 
ingress device (e.g., 15). In step 43, a path, (e.g., path 12), is set-up from a 
specific out-port of the ingress device (e.g., "mirror-to-port" 14) through the trunk 
devices (e.g., Wand 17) to the egress device (e.g., 18)" (Bussiere, col. 6, lines 
41-50). Hence, Bussiere teaches of the ingress device (e.g., "mirror-to-port" 14) 
(i.e., Applicants' entry device) is set up (i.e., Applicants' configured) with a path 
through the use of source and destination addresses (i.e., Applicants' destination 
IP address) so that data is forwarded to the egress device (i.e., Applicants' 
destination which mirror the data packet, remote exit device). 

• a remote mirroring engine for generating and adding an IP header to IP 
encapsulate the data packet wherein the IP header includes the destination IP 
address, for reducing size of the data packet to accommodate the added IP 
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header, and for having the IP -encapsulated packet forwarded towards a remote 
exit device associated with the destination IP address. (Bussiere, col.1, line 5 - 
col. 10, line 65) 

Bussiere discloses, "According to a method embodiment, the invention 
comprises the steps of: selecting a first port of a first device from which to mirror 
packets; selecting a first port of a second device to which to mirror the packets; 
and mirroring the packets from the first port of the first device to the first port of 
the second device by encapsulating the packets and sending the encapsulated 
packets through the network to the second device. The first device encapsulates 
the packets, enabling them to be transmitted out the network to the second 
device; the second device de-encapsulates the encapsulated packets, and 
provides the same to an analyzer. The mirroring step may include establishing a 
connection path through a switched network from the first device to the second 
device and sending the encapsulated packets on the path. The step of 
encapsulating the packets may include adding a header which identifies the 
connection path" (Bussiere, col.2, lines 27-46). Hence, Bussiere teaches of the 
first device (i.e., Applicants' entry device) encapsulating the packets (i.e., 
Applicants' data packet) by including (i.e., Applicants' adding) headers identifying 
(i.e., Applicants' includes) the address of the destination (i.e., Applicants' 
destination address) device. 
However, Bussiere does not explicitly disclose, 

• a remote mirroring engine for generating and adding an IP header to IP 

encapsulate the data packet, wherein the IP header includes the destination IP 
address, for reducing size of the data packet to accommodate the added IP 
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heade r, and for having the IP-encapsulated packet forwarded towards a remote 
exit device associated with the destination IP address. 
Amara teaches, 

• a remote mirroring engine for generating and adding an IP header to IP 

encapsulate the data packet wherein the IP header includes the destination IP 
address, for reducing size of the data packet to accommodate the added IP 
heade r, and for having the IP-encapsulated packet forwarded towards a remote 
exit device associated with the destination IP address. (Amara, col.1, line 7 - 
col. 18, line 38) 

Amara discloses, "IP can be used to send data between devices on the same 
network and between devices on different networks. For IP communications, a 
device is generally assigned a 32-bit IP address. The IP address is generally 
globally unique across the connected networks, and this allows the destination 
device to be uniquely identified by its IP address. Data is transmitted in an IP 
packet. The IP packet includes a header portion and a data portion" (Amara, 
col.3, lines 31-38). Amara discloses, "The virtual tunnel 126 can be created by 
encapsulating a data packet inside another data packet and by adding additional 
tunnel packet headers" (Amara, col. 6, lines 43-45). Hence, Amara implies of IP 
encapsulating data packets using IP headers and transmitting them to the 
destination based on the destination IP address of the IP header through devices 
on different networks. 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Amara with the teachings of 
Bussiere "to send data between devices on the same network and between devices 
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on different networks" (Amara, col.3, lines 31-32). Bussiere discloses, "As 
businesses have realized the economic advantages of sharing expensive computer 
resources, cabling systems (both physical and wireless) have proliferated to enable 
the sharing of such resources over a network. A local area network, or 'LAN', refers 
to an interconnected data network that is usually confined to a moderately-sized 
geographical area, such as a single office building or a campus area. Larger 
networks are often referred to as wide area networks or WANs'. Networks may be 
formed using a variety of different interconnection elements, such as unshielded 
twisted pair cables, shielded twisted pair cables, coaxial cable, fiber optic cable, and 
wireless interconnection elements. The configuration of these cabling elements, and 
the interfaces for the communications medium, may follow one or more topologies 
such as a star, ring, bus or mesh" (Bussiere, col.1, lines 13-28). Hence, Bussiere 
suggests of communicating between networks, providing motivation to combine with 
the teachings of Amara to send data packets between different networks via IP 
encapsulation. 

However, Bussiere and Amara do not explicitly disclose, 

• an entry device configured to receive from the local network layer 2 domain a 
data packet to be remotely mirrored to a remote exit device in the remote 
network layer 2 domain; 

Zhang teaches, 

• an entry device configured to receive from the local network layer 2 domain a 
data packet to be remotely mirrored to a remote exit device in the remote 
network layer 2 domain; (Zhang, col.1, line 6 - col. 16, line 33) 
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Zhang discloses, "Once the Layer 2 tunnel is setup and a necessary link is 
established, the LNS typically assigns an IP address to an authenticated client, 
and sends it to the network access device over the Layer 2 tunnel. The network 
access device receives the IP address and transfers it to the client (129)." 
(Zhang, col. 9, lines 20-24). Hence, Zhang teaches of communicating between 
networks through layer 2 encapsulation. 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Zhang with the teachings of 
Bussiere and Amara "to send data between devices on the same network and 
between devices on different networks" (Amara, col. 3, lines 31-32). Bussiere 
discloses, "As businesses have realized the economic advantages of sharing 
expensive computer resources, cabling systems (both physical and wireless) have 
proliferated to enable the sharing of such resources over a network. A local area 
network, or 'LAN', refers to an interconnected data network that is usually confined to 
a moderately-sized geographical area, such as a single office building or a campus 
area. Larger networks are often referred to as wide area networks or 'WANs'. 
Networks may be formed using a variety of different interconnection elements, such 
as unshielded twisted pair cables, shielded twisted pair cables, coaxial cable, fiber 
optic cable, and wireless interconnection elements. The configuration of these 
cabling elements, and the interfaces for the communications medium, may follow 
one or more topologies such as a star, ring, bus or mesh" (Bussiere, col. 1 , lines 1 3- 
28). Hence, Bussiere suggests of communicating between networks, providing 
motivation to combine with the teachings of Amara to send data packets between 
different networks via layer 2 IP encapsulation. 
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However, Bussiere, Amara, and Zhang do not explicitly disclose, 

• a remote mirroring engine for generating and adding an IP header to IP 
encapsulate the data packet, wherein the IP header includes the destination IP 
address, for reducing size of the data packet to accommodate the added IP 
header, and for having the IP-encapsulated packet forwarded towards a remote 
exit device associated with the destination IP address. 

Regan teaches, 

• a remote mirroring engine for generating and adding an IP header to IP 
encapsulate the data packet, wherein the IP header includes the destination IP 
address, for reducing size of the data packet to accommodate the added IP 
header, and for having the IP-encapsulated packet forwarded towards a remote 
exit device associated with the destination IP address. (Regan, para. 1-36) 
Regan discloses, "Using a mirror service configured to send mirror packets via a 
primary network could increase congestion on the primary network, e.g., by 
interfering with the ability of a network to fulfill quality of service guarantees for 
transport services (e.g., VLAN) provided via the primary network. In some 
embodiments, the effect of mirror service traffic is minimized by "slicing" 
oversized mirror packets, which reduces processing and time requirements, 
alleviating performance impacts. Mirror packets are truncated prior to being sent 
to a mirror destination. Truncation minimizes replication and tunneling overhead 
associated with transmitting packets to a mirror destination. In some 
embodiments, rate limiting is used to minimize the impact of mirror service 
packets on the performance of other services being provided using the network 
by limiting the rate at which mirror packets are sent via the mirror service. Rate 
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limiting may be implemented with user or system specified limits, and may be 
dynamic, i.e., the permitted rate for the mirror service may change as conditions 
change, e.g., the extent to which QoS guarantees are being met" (Regan, 
para.30). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Regan with the teachings of 
Bussiere, Amara, and Zhang "to send data between devices on the same network 
and between devices on different networks" (Amara, col. 3, lines 31-32). Bussiere 
discloses, "As businesses have realized the economic advantages of sharing 
expensive computer resources, cabling systems (both physical and wireless) have 
proliferated to enable the sharing of such resources over a network. A local area 
network, or 'LAN', refers to an interconnected data network that is usually confined to 
a moderately-sized geographical area, such as a single office building or a campus 
area. Larger networks are often referred to as wide area networks or 'WANs'. 
Networks may be formed using a variety of different interconnection elements, such 
as unshielded twisted pair cables, shielded twisted pair cables, coaxial cable, fiber 
optic cable, and wireless interconnection elements. The configuration of these 
cabling elements, and the interfaces for the communications medium, may follow 
one or more topologies such as a star, ring, bus or mesh" (Bussiere, col.1, lines 13- 
28). Hence, Bussiere suggests of communicating between networks, providing 
motivation to combine with the teachings of Amara to send data packets between 
different networks via layer 2 IP encapsulation. In addition, Regan discloses, "In 
some embodiments, the effect of mirror service traffic is minimized by "slicing" 
oversized mirror packets, which reduces processing and time requirements, 
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alleviating performance impacts. Mirror packets are truncated prior to being sent to a 
mirror destination. Truncation minimizes replication and tunneling overhead 
associated with transmitting packets to a mirror destination" (Regan, para. 30). 
However, Bussiere, Amara, Zhang, and Regan do not explicitly disclose, 

• configuring the entry device in a best effort mirroring mode to reduce head-of-line 
blocking. 

Ni teaches, 

• configuring the entry device in a best effort mirroring mode to reduce head-of-line 
blocking. (Ni, col.1, line 10 - col. 14, line 40) 

Ni discloses, "The issue then becomes how does a system manage the 
scheduling of the transmission of the packets so that no voice or video 
transmission interval violation occurs and no best effort starvation occurs. An 
embodiment of the invention addresses this issue by providing a method to 
restrict the total number of active class of services (flows) for voice and video 
packets so that 1) the maximum wait time for any port's voice/video queue is less 
than or equal to the maximum transmission interval (i.sub.m), 2) the process of 
interleaving voice, video and best effort traffic does not delay the transmission of 
the next voice/video packet transmit time, and 3) the process does not starve the 
video and best effort traffic for service" (Ni, col. 7, lines 1 7-29). Hi discloses, 
"HOL blocking is a phenomenon that may occur in an input buffered switch 
wherein a packet is temporarily blocked by another packet or packets either at 
the input buffer or at the output buffer. HOL reduces the effectiveness of the 
transfer rate. One of the objectives of flow control is to inhibit the sending station 
or host from sending additional packets to a congested port for a predetermined 
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amount of time. While a flow control scheme is expected to ease congestion, it 
may also aggravate the Head-of-Line (HOL) blocking problem by causing 
additional transmission delays" (Ni, col.7, lines 7-16). Hence, Ni teaches of 
utilizing best effort transmission method among others to avoid that starvation of 
best effort traffic for service and reducing the head-of-line (HOL) blocking and 
congestion problems. 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Ni with the teachings of 
Bussiere, Amara, Zhang, and Regan "to send data between devices on the same 
network and between devices on different networks" (Amara, col. 3, lines 31-32). 
Bussiere discloses, "As businesses have realized the economic advantages of 
sharing expensive computer resources, cabling systems (both physical and wireless) 
have proliferated to enable the sharing of such resources over a network. A local 
area network, or 'LAN', refers to an interconnected data network that is usually 
confined to a moderately-sized geographical area, such as a single office building or 
a campus area. Larger networks are often referred to as wide area networks or 
'WANs'. Networks may be formed using a variety of different interconnection 
elements, such as unshielded twisted pair cables, shielded twisted pair cables, 
coaxial cable, fiber optic cable, and wireless interconnection elements. The 
configuration of these cabling elements, and the interfaces for the communications 
medium, may follow one or more topologies such as a star, ring, bus or mesh" 
(Bussiere, col.1, lines 13-28). Hence, Bussiere suggests of communicating between 
networks, providing motivation to combine with the teachings of Amara to send data 
packets between different networks via layer 2 IP encapsulation. Ni discloses, "The 
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issue then becomes how does a system manage the scheduling of the transmission 
of the packets so that no voice or video transmission interval violation occurs and no 
best effort starvation occurs" (Ni, col.7, lines 17-20). 

Response to Arguments 

19. Applicant's arguments with respect to claims 1, 15, 18, 26, and 29 have been considered 
but are moot in view of the new ground(s) of rejection. 

Conclusion 

20. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Thomas Duong whose telephone number is 571/272-391 1 . The 
examiner can normally be reached on M-F 7:30AM - 4:00PM. If attempts to reach the 
examiner by telephone are unsuccessful, the examiner's supervisor, Jason D. Cardone 
can be reached on 571/272-3933. The fax phone numbers for the organization where 
this application or proceeding is assigned are 571/273-8300 for regular communications 
and 571/273-8300 for After Final communications. 

Thomas Duong (AU2145) 
March 29, 2008 
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